• Own AI behavior monitoring: Define what trustworthy and untrustworthy AI behavior looks like, and ensure it is measurable in production. • Own AI observability standards: Establish telemetry, tracing, logging, and alerting requirements for AI systems and agentic workflows. • Own control validation for agentic systems: Verify that guardrails, policy checks, access boundaries, and execution constraints are functioning as intended. • Own AI security event analysis: Detect, investigate, and document suspicious, unsafe, or non-compliant AI behaviors and coordinate response. • Own implementation support for governance frameworks: Translate governance principles into technical and operational requirements that product and platform teams can adopt. • Own AI trust metrics and reporting: Define KPIs, KRIs, and dashboards that show leadership whether AI systems are operating within approved trust and security boundaries. • Own continuous improvement of AI controls: Use incidents, testing, behavioral findings, and stakeholder feedback to strengthen control design and reduce residual risk over time.

• Designing and implementing scalable automation and AI-driven tools to enhance security controls, architecture reviews, risk identification, and decision support. • Partnering with Application Security, Cloud Engineering, Platform teams, and enterprise architects to develop automated security guardrails and integrate security policies into development workflows. • Ensuring new systems, integrations, and services comply with organizational security standards through automated validation, policy-as-code, and continuous monitoring. • Building reusable security frameworks, intake processes, and automated validation mechanisms to reduce manual review effort while improving consistency, visibility, and compliance. • Performing and scaling risk assessments and security architecture reviews for applications, cloud platforms, APIs, and system integrations. • Collaborating with software development teams to create innovative, automated security solutions that demonstrate measurable business efficiency gains, leveraging AI to address security gaps. • Quickly adapting to new security challenges, especially related to IaaS platforms, and engaging with lead architects and technical leads through design reviews, pair programming, code reviews, and sharing AI expertise. • Documenting solutions clearly to support team training and production support personnel.

• Security research including development of tools for vulnerability analysis and mitigation • Development of static and run-time analysis tools to figure out root cause and input conditions related to a vulnerability • Vulnerability triage and proof of concept exploit development to support the creation of detection content • Write detailed technical reports, summaries, and testing methodologies • Research emerging technologies, protocols, and testing methodologies • Develop proof of concept exploits for testing vulnerability mitigations • Perform patch analysis to find and trigger vulnerabilities • Reverse engineer binary applications, protocols, and formats • Analyze vulnerabilities and emerging security threats and technologies • Provide critical security focused expertise to engineering organizations

• Own AI behavior monitoring: Define what trustworthy and untrustworthy AI behavior looks like, and ensure it is measurable in production. • Own AI observability standards: Establish telemetry, tracing, logging, and alerting requirements for AI systems and agentic workflows. • Own control validation for agentic systems: Verify that guardrails, policy checks, access boundaries, and execution constraints are functioning as intended. • Own AI security event analysis: Detect, investigate, and document suspicious, unsafe, or non-compliant AI behaviors and coordinate response. • Own implementation support for governance frameworks: Translate governance principles into technical and operational requirements that product and platform teams can adopt. • Own AI trust metrics and reporting: Define KPIs, KRIs, and dashboards that show leadership whether AI systems are operating within approved trust and security boundaries. • Own continuous improvement of AI controls: Use incidents, testing, behavioral findings, and stakeholder feedback to strengthen control design and reduce residual risk over time.